New research from Keeper Security reveals that non-human identities and automated system-to-system interactions are becoming the top security risk for businesses in 2026.
Security & IT News
Live: Real-time news from 13+ trusted sources — BleepingComputer, The Hacker News, Krebs on Security, Dark Reading & more.
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-097-01.json
Summary
Successful exploitation of these vulnerabilities could allow a local attacker to disclose SQL Server credentials used by the affected products and use them to disclose, tamper with, or destroy data, or to cause a denial-of-service (DoS) condition on the system.
The following versions of Mitsubishi Electric GENESIS64 and ICONICS Suite products are affected:
- GENESIS64 <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
- ICONICS Suite <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
- MobileHMI <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
- Hyper Historian <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
- AnalytiX <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
- MC Works 64 vers:all/* (CVE-2025-14815, CVE-2025-14816)
- GENESIS <=11.02 (CVE-2025-14815, CVE-2025-14816)
CVSS: v3 8.8
Vendor: Mitsubishi Electric
Equipment: Mitsubishi Electric GENESIS64 and ICONICS Suite products
Vulnerabilities: Cleartext Storage of Sensitive Information, Cleartext Storage of Sensitive Information in GUI
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Mitsubishi Electric Iconics Digital Solutions is headquartered in the United States. Mitsubishi Electric is headquartered in Japan.
Vulnerabilities
CVE-2025-14815
When the local caching feature using SQLite is enabled and SQL authentication is used for the SQL Server authentication, the SQL Server credentials are stored in plaintext within the local SQLite file. This results in a vulnerability due to Cleartext Storage of Sensitive Information (CWE 312), which may lead to information disclosure, tampering, or denial of service (DoS).
View CVE Details: https://www.cve.org/CVERecord?id=CVE-2025-14815
Affected Products
Mitsubishi Electric GENESIS64 and ICONICS Suite products
Vendor: Mitsubishi Electric
Product Version: Mitsubishi Electric GENESIS64: <=10.97.3, Mitsubishi Electric ICONICS Suite: <=10.97.3, Mitsubishi Electric MobileHMI: <=10.97.3, Mitsubishi Elec
Advisory at a Glance
Title: Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Original Publication: April 7, 2026
Executive Summary: Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley. This activity has led to PLC disruptions across several U.S. critical infrastructure sectors through malicious interactions with the project file and manipulation of data on human machine interface (HMI) and supervisory control and data acquisition (SCADA) displays, resulting in operational disruption and financial loss.
U.S. organizations should urgently review the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) in this advisory for indications of current or historical activity on their networks, and apply the recommendations listed in the Mitigations section of this advisory to reduce the risk of compromise.
Affected Products:
- Rockwell Automation/Allen-Bradley manufactured PLCs
- Potentially other branded PLCs
Key Actions:
- Remove PLCs from direct internet exposure via secure gateway and firewall.
- Query available logs for the provided IOCs in the corresponding time frames.
- Check available logs for suspicious traffic on the ports associated with OT devices, including 44818, 2222, 102, and 502, especially traffic originating from overseas hosting providers.
- For Rockwell Automation devices, place the physical mode switch on the controller into run position. Contact the authoring agencies and Rockwell Automation for guidance if you believe your organization was targeted.
Indicators of Compromise: For a downloadable copy of IOCs, see:
- AA26-097A STIX XML (35KB): https://www.cisa.gov/sites/default/files/2026-04/AA26-097A.stix_.xml
- AA26-097A STIX JSON (12 KB): https://www.cisa.gov/sites/default/files/2026-04/AA26-097A.stix_.json
Intended Audience:
Organizations: Critical Infrastructure
Sectors: Government Services and Facilities (https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/government-services-facilities-sector), Water and Wastewater Systems (https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/water-and-wastewater-sector) (WWS), and
Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI
When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most security investments, but that headline figure obscures the more persistent problems caused by recurring credential
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware
According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong authorities changed the rules governing enforcement of the National Security Law. Under the revised framework, police can require individuals to provide passwords or other assistance to access personal electronic devices, including cellphones and laptops. The consulate warned that refusal to comply is now a criminal offense. It also said authorities have expanded powers to take and keep personal electronic devices as evidence if they claim the devices are linked to national security offenses.
Fortinet has updated its FortiClient EMS product after zero-day attacks surfaced
New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach, GDDRHammer, and GeForge. GPUBreach goes a step further than GPUHammer, demonstrating for the first time that
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent
Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution. "The CustomMCP node allows users to input configuration settings for connecting
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]
Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. [...]
Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the “design choices create liability” framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it leads in practice. One of the key pieces of evidence the New Mexico attorney general used against Meta was the company’s 2023 decision to add end-to-end encryption to Facebook Messenger. The argument went like this: predators used Messenger to groom minors and exchange child sexual abuse material. By encrypting those messages, Meta made it harder for law enforcement to access evidence of those crimes. Therefore, the encryption was a design choice that enabled harm. The state is now seeking court-mandated changes including “protecting minors from encrypted communications that shield bad actors.” Yes, the end result of the New Mexico ruling might be that Meta is ordered to make everyone’s communications less secure. That should be terrifying to everyone. Even those cheering on the verdict. End-to-end encryption protects billions of people from surveillance, data breaches, authoritarian governments, stalkers, and domestic abusers. It’s one of the most important privacy and security tools ordinary people have. Every major security expert and civil liberties organization in the world has argued for stronger encryption, not weaker. But under the “design liability” theory, implementing encryption becomes evidence of negligence, because a small number of bad actors also use encrypted communications. The logic applies to literally every communication tool ever invented. Predators also use the postal service, telephones, and in-person conversation. The encryption itself harms no one. Like infinite scroll and autoplay, it is inert without the choices of bad actors - choices made by people, not by the platform’s design. 
The incentive this creates goes far beyond encryption, and it’s bad. If any product improvement that protects the majority of users can be held against you because a tiny fraction of bad actors exploit it, companies will simply stop making those improvements. Why add encryption if it becomes Exhibit A in a future lawsuit? Why implement any privacy-protective feature if a plaintiff’s lawyer will characterize it as “shielding bad actors”? And it gets worse. Some of the most damaging evidence in both trials came from internal company documents where employees raised concerns about safety risks and discussed tradeoffs. These were played up in the media (and the courtroom) as “smoking guns.” But that means no company is going to allow anyone to raise concerns ever again. That’s very, very bad. In a sane legal environment, you want companies to have these internal debates. You want engineers and safety teams to flag potential risks, wrestle with difficult tradeoffs, and document their reasoning. But wh
An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3, March 13, and March 23, 2026, per Check Point. "The campaign is primarily
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. [...]
An apparent North Korean worker was caught visibly stumped during a remote job interview when asked to insult the country's leader.